[hashcash] Re: Idea for alternative hashcash/antispam implementation.
- From: "Eric S. Johansson" <esj@xxxxxxxxxx>
- To: hashcash@xxxxxxxxxxxxx, jesper@xxxxxxxx
- Date: Thu, 12 May 2005 07:12:11 -0400
Jesper Krogh wrote:
...
Greylisting is currently an exstremely effective way to stop spam at the
moment since most spammers use broken MTA's and thereby don't redeliver the
message. But as greylisting becomes more and more used, this picture is
likely to change.
...
The only negative thing I can come up with at the moment is that it
requires an SMTP-protocol update in order to work.
I created a variant called Brown listing. It uses existing blacklists
but if the message has a hashcash stamp in it, it passes. The cost of
postage for passing a blacklists is approximately three times that of
e-mail from a non blacklists a source. no need to modify SMTP, uses
existing data sources and builds on ordinary hashcash embedded within
e-mail.
additionally, with information gathered via camram, one could build a
group filter mostly automatically and any errors could be handled by
feedback created through white listing and large initial stamps. (i.e.
spam sources identified by corrected content filter data and corrections
applied by white listing sources)
I also suggested a method for propagating postage requirements via DNS.
One could use that to propagate the brown list value or one could
stick the brown list value into the 500 response message. The initial
weakness would be that with a small number of users, it could be
overwhelmed by the resources of the spamming community but as the user
population grows those resources would be quickly overwhelmed. In the
beginning, one could make the multiplier five or 10 times. A 10 minute
stamp for someone on a blacklist is not too horrible (unless it's me ;-))
---eric
--
http://www.wired.com/wired/archive/13.03/view.html?pg=5
The result of the duopoly that currently defines "competition" is that
prices and service suck. We're the world's leader in Internet
technology - except that we're not.
Other related posts:
